Lucene search
+L

149 matches found

CVE
CVE
added 2026/04/08 6:24 p.m.14 views

CVE-2026-35169

CVE-2026-35169 – LORIS help_editor XSS risk Affected software: LORIS (Longitudinal Online Research and Imaging System) self-hosted web application. Vulnerability: The help_editor module failed to properly sanitize certain user-supplied variables, enabling a reflected cross-site scripting (XSS) at...

8.7CVSS5.9AI score0.00157EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 6:23 p.m.4 views

CVE-2026-35165 LORIS has incorrect access checks in document_repository

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...

6.3CVSS5.9AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 6:23 p.m.13 views

CVE-2026-35165

CVE-2026-35165 affects LORIS (Longitudinal Online Research and Imaging System). From 21.0.0 up to just before 27.0.3 and 28.0.1, the document_repository frontend enforced access controls while the backend endpoint failed to verify permissions, allowing a user to potentially download a file they s...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/08 6:23 p.m.26 views

CVE-2026-35165 LORIS has incorrect access checks in document_repository

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...

6.3CVSS0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 6:22 p.m.31 views

CVE-2026-34985 LORIS has incorrect access checks in media module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...

6.3CVSS0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:22 p.m.4 views

CVE-2026-34985 LORIS has incorrect access checks in media module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...

6.3CVSS5.8AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 6:22 p.m.10 views

CVE-2026-34985

LORIS (Longitudinal Online Research and Imaging System) has an access-control flaw in the media module: from 16.1.0 up to just before 27.0.3 and 28.0.1, the frontend filters access-restricted files but the backend did not enforce access checks, allowing unauthorized users to access a file if the ...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/08 6:22 p.m.3 views

CVE-2026-34985 LORIS has incorrect access checks in media module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...

6.3CVSS6AI score0.00226EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 5:57 p.m.7 views

EUVD-2026-20557

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 5:57 p.m.2 views

CVE-2026-34392 LORIS has a path traversal in static router

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 5:57 p.m.20 views

CVE-2026-34392 LORIS has a path traversal in static router

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...

7.5CVSS0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 5:57 p.m.15 views

CVE-2026-34392

CVE-2026-34392 affects LORIS (Longitudinal Online Research and Imaging System). A bug in the static file router from 20.0.0 up to before 27.0.3 and 28.0.1 allows path traversal to escape the intended directory, enabling unintended files to be downloaded via the static, css, and js endpoints. Fixe...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 5:47 p.m.5 views

CVE-2026-33350 LORIS has a SQL injection in MRI feedback popup

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 5:47 p.m.23 views

CVE-2026-33350 LORIS has a SQL injection in MRI feedback popup

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 5:47 p.m.13 views

CVE-2026-33350

Product: LORIS (Longitudinal Online Research and Imaging System). Issue: SQL injection in the MRI feedback popup window of the imaging browser. Root cause: Vulnerable code sections allowed SQL ingestion prior to certain releases. Versions affected: before 27.0.3 and 28.0.1. Impact: Attackers coul...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

LORIS Neuroimaging Platform 安全漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform from 24.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from incorrect operation sequences in the FilesDownloadHandler...

8.6CVSS5.8AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

LORIS Neuroimaging Platform 安全漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions of LORIS Neuroimaging Platform from 21.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from the backend endpoints not properly verifying...

6.5CVSS5.8AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

LORIS Neuroimaging Platform SQL注入漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained a SQL injection vulnerability. This vulnerability stems from SQL injections in the MRI feedback pop-up window of the imaging browser, which...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

LORIS Neuroimaging Platform 安全漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained security vulnerabilities. These vulnerabilities stemmed from lack of access checks in the media module backend, which could allow unauthorize...

6.5CVSS5.8AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.13 views

LORIS Neuroimaging Platform 后置链接漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform from 20.0.0 to 27.0.3, as well as versions before 28.0.1, had a postback link vulnerability. This vulnerability stemmed from an error in the endpoint of the publication module,...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder